Win32k.sys: A Patched Stuxnet Exploit

…we also indicated in that paper that there are two Elevation of Privilege (EoP) vulnerabilities that we chose not to describe while patches were pending. One of these has now been patched, so we’re now able to publish some of the information we have on it. (When the other vulnerability has been patched, we plan to update the Stuxnet paper with information on both issues.)

Stuxnet the Inscrutable

This is an item you may not have seen amid all the speculation about Stuxnet, Iran and Israel.

Sality se suma a la vulnerabilidad LNK

Luego de las repercusiones sobre Stuxnet, explotando la vulnerabilidad CVE-2010-2568, a la cual se sumaron dos familias más (Win32/TrojanDownloader.Chymine.A y Win32/Autorun.VB.RP) y la incorporación del exploits a un crimeware (Zombie Explotation Kit), recientemente se ha descubierto otro código malicioso que utiliza esta debilidad para infectar los sistemas de información. Se trata de Sality, un peligroso

Aparecen nuevas familias de malware explotando vulnerabilidad 0-Day "LNK"

Cómo adelantamos en estos días a modo de tendencia, nuevas familias de códigos maliciosos han aparecido empleando como vector de ataque la misma vulnerabilidad 0-Day (CVE-2010-2568) utilizada por Win32/Stuxnet.A. Investigadores de ESET han identificado en las últimas horas dos códigos maliciosos más relacionados con la explotación de la vulnerabilidad en cuestión. Se trata de la

New malicious LNKs: here we go…

These new families represent a major transition: Win32/Stuxnet demonstrates a number of novel and interesting features apart from the original 0-day LNK vulnerability, such as its association with the targeting of Siemens control software on SCADA sites and the use of stolen digital certificates, However, the new malware we’re seeing is far less sophisticated, and suggests bottom feeders seizing on techniques developed by others. Peter Kosinar comments:

(Windows) Shellshocked, Or Why Win32/Stuxnet Sux…

…But that doesn’t mean that this particular attack is going to vanish any time soon, AV detection notwithstanding. Now that particular vulnerability is known, it’s certainly going to be exploited by other parties, at least until Microsoft produce an effective fix for it, and it will affect some end users long after that…

Follow us

Copyright © 2017 ESET, All Rights Reserved.